ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression
CVE-2026-46521
5.5MEDIUM
What is CVE-2026-46521?
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.
Affected Version(s)
ImageMagick < 6.9.13-48 < 6.9.13-48
ImageMagick < 7.1.2-23 < 7.1.2-23